There’s no precisely defined career track for DevOps engineers because they’re typically developers or sysadmins who develop an interest in other aspects of operations — such as network operations, deployment, or coding and scripting. Yet with more companies turning to DevOps to deliver products and updates more rapidly, there’s a growing demand for these multi-faceted professionals, and they’re playing an ever-more prominent role in modern companies.

Without a clear-cut career track to lead to a role as a DevOps engineer, companies hire and promote these professionals based on past experience and skillsets. But what characteristics are most important to ensure success as a DevOps engineer? To gain some insight into the skills, talents, and traits that today’s top DevOps engineers need in order to succeed, we reached out to a panel of DevOps pros and engineers and asked them to answer this question:

“What is the most important characteristic of a successful DevOps engineer?”

The cybersecurity talent shortage is real, with an estimated 1.8 million unfilled roles expected by 2020. And with 72% of CISOs claiming that their teams are facing alert fatigue, there’s not a lot of margin for error when it comes to getting accurate, context-rich alerts in front of under-resourced teams.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of alerts or spend way too much critical time gathering information and digging around in log files. If this proliferation of data can be transformed into actionable intelligence, however, teams can become significantly more proactive and reduce risk over time.

The deadline for theGeneral Data Protection Regulation (GDPR)is fast approaching, with May 25 marking the official day of reckoning. The updates to the data protection directive of 1995 (Directive 95/46/EC) are designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy rights, and to reshape the way organizations across the EU approach data privacy.

There’s a likelihood that Compliance has approached your DevOps team to get on board. But when Compliance talks, what do you hear? Are you truly understanding what’s required of you to become GDPR compliant? Let’s take a look at some of the possible gaps in knowledge below.Read more “GDPR: What Compliance Says vs. What DevOps Hears”

Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in the race to meet the primary target. It’s also likely that other promising developments will get missed as they fall off the main path. Dealing with these issues is one of the many functions of compliance regulations.Read more “SLDC, SOC 2, and Other Four Letter Words”

More companies are moving to the cloud than ever before. Amazon Web Services (AWS) is one of the most popular cloud platforms, and for good reason: AWS provides a robust set of features and services that give it broad appeal among businesses of all sizes. But when it comes to security, many companies continue to fall short, putting their sensitive data at risk. In a recent Threat Stack study, for example, we discovered that 73% of companies have at least one critical AWS security misconfiguration that enables an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.

To gain some insight into the biggest (and potentially most devastating) mistakes companies are making related to AWS security as well as tips and strategies for avoiding them, we reached out to a panel of InfoSec pros and AWS experts and asked them to answer this question:

“What’s the number one mistake companies make when it comes to AWS security (and how can they avoid it)?”

We champion a security-first DevOps culture at Threat Stack, and I’ve had the opportunity of building DevOps best practices into the company since its earliest days. In our experience, this is the best way of simultaneously reducing risk and achieving peak operational efficiency.

Getting the right players on your DevOps team is crucial to this goal, of course. But how do you filter out the star players from the mediocre? Beyond a careful analysis of a candidate’s background and experience, asking the right interview questions can reveal valuable insights that make it possible to find the ideal candidate to complement your existing team’s skill sets and personalities.

To find out what questions today’s dev leaders turn to during interviews for these all-important insights, we reached out to a panel of hiring managers and dev team leaders and asked them to answer this question:

What’s old was new again at DevOpsDays Austin last week, with the 7th annual conference featuring fewer attendees, the elimination of sponsor tables, and a format that put the focus back on knowledge-sharing and human interaction. Running May 3–4 at the Darrell K. Royal-Texas Memorial Stadium, the conference was an interesting exercise in returning to the roots of DevOpsDays, and the payoff was quality presentations and conversations. Read on for a few of the highlights.Read more “DevOpsDays Austin Recap: Getting Back to Basics”

It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.

When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.

It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time.Read more “Profile of an Ideal Security Hire in 2018”

No matter where you sit in your organization, you should know what happens when you sacrifice security for speed. Threat Stack recently surveyed DevOps and security pros and found that more than half (52%) of companies make this very sacrifice, cutting back on security measures to meet a business deadline or objective. Additionally, 62% of security professionals surveyed stated that their Operations teams push back when asked to deploy secure technology — often because Ops fears it will slow things down.

This might not seem like a large problem until you consider what actually happens when you sacrifice security for speed. By putting speed above security best practices, you open your organization up to breaches and attacks. But ironically, contrary to the belief of some operations professionals, applying security best practices doesn’t necessarily require you to slow down forever.

Creating APIs for your SaaS products provides invaluable benefits to your customers, allowing developers to plug into your resources and bring their products to market more quickly and efficiently than ever before. An API also allows you to integrate easily with other SaaS organizations, expanding your range of functionality to offer customers new features, increase your inherent value as a provider, and gain a competitive edge in the marketplace.

As with most beneficial technology, however, APIs are not without their risks. Exposing your APIs can leave you vulnerable to theft of API keys, a fairly easy way for cybercriminals to carry out denial of service attacks if you haven’t implemented the right security measures. These attacks overwhelm your server with data requests, crippling the availability of your product, and even costing you money, should the attackers demand a ransom.

At Threat Stack, we recently released Version 2 of our REST API, which serves as a way for customers to connect to our organization and extract critical information around security concerns in their environments. With Version 2, we have incorporated updates to meet industry best practices and to better protect ourselves and our customers’ data. Drawing on this experience, we have outlined below the ways in which you as a SaaS company can better manage security for your own APIs.Read more “5 Tips for Managing Security for APIs”